Unlicensed users of software applications, and the distribution of software applications to unlicensed users, both refer to and are examples of software piracy.
Software licenses only allow registered users to access the application. Typically, the legal terms in such licenses are such that copying a software application from a registered user's computer, and executing that application on an unregistered user's computer violates the license. Worldwide, it has been reported that more than 40% of all software in use is illegally copied. In 1997, piracy cost the software industry $11.4 billion in lost revenues. That translates into fewer jobs, less innovation, higher costs for consumers, and lost revenue for the software owners.
Abstracting to more general terms, the piracy of any ‘software products’ (for example an executable, data file(s), or streaming data; such as source and intermediate and executable code, software games, graphics, and Internet distributed movies & music) is an ever growing and costly problem for both industry and consumer markets alike. The piracy of software products (herein applications) has seen unprecedented growth in recent years with the advent and use of the Internet (particularly the World Wide Web) to distribute illegally pirated applications. Such pirating is a costly and growing problem for both the industries affected and the consumers.
Overview of Current Anti-Pirate Systems
Methods to protect applications from piracy exist, and fall into one of two categories: software methods and hardware methods. Hardware methods are more common, but are very impractical in today's dynamic markets where vendors wish to distribute applications both electronically and physically. There are very few software methods for protecting applications from piracy. Examples of such methods are: Rainbow Technologies' SentinelLM (a trademark of Rainbow), Marx Sofware's SoftSentry and Protection Plus (trademarks of Marx).
Current anti-pirating software methods within the art function as follows with a few minor twists. After the application is stored and executed onto the user's computer, the user will be provided with a generated parameter. The user is prompted to contact the vendor to exchange this parameter for a key. The user then enters the key into the system, which stores it into a hidden place(s). Some methods encrypt the key, and some do not. Some hide the key in many places, and some do not. Subsequent executions of the application verify that the key is found. If the key is not found, the user is denied access. The idea is that if the application is moved to another computer, the hidden key is not transferred. Therefore, on execution, the key is not found and access is denied. Such methods rely on authenticating registered users merely by detecting keys placed onto their system, and not authenticating the user's computer itself. Such methods suffer from the following limitations and problems, these methods are: 1) insufficiently secure, 2) the security level is static, and 3) not user-friendly for the user. In general, this is because of several drawbacks common to known anti-pirate software methods.
First, current methods rely on discriminating registered users from non-registered users by placing known values on the registered user's system—and not on discriminating a user's system itself from other systems. Second, current methods do not repeatedly authenticate the user's system itself—much less once—as the user requests access to the application. Third, current methods have an architecture that does not allow for the some functionality to be performed, at the user's system before the application is stored onto the user's system. This leads to several security risks, such as, the inability to ensure that the protected application is only sent to registered users in the first place. Furthermore, the current architecture makes it difficult, if not impossible, for these methods to have dynamic capabilities. Thus, security can not be individually tailored for each particular computer, but in fact is the same for any computer. Therefore, with current methods, a hacker may more easily develop and publish an application that will pirate any so enabled application on any computer. Finally, current methods do not have functionality that is invisible to the user—making such methods not user-friendly.